Thank you all for your feedback. We have heard your concerns and started a full review of the pools stratum code to ensure that we can rule out the possibility of an attacker exploiting a bug to submit fake or duplicate shares. After lots of tests we can rule out this assumption. Nevertheless we did use the opportunity to deploy some additional improvements to our stratum code both security and efficiency wise. Our mining servers can now handle the same amount of miners with just a fraction of the resources it used to require. This allows us, in case a server goes down, to quickly re-route mining to another server.
Security wise we did add a scalable IP blacklisting feature. This allowed us to quickly mitigate a fake share attack against the pool a few days ago.
The "-p diff" feature was disabled during the investigation and will be re-enabled it soon.
Also we have updated the pool to the latest Zcash 1.0.4 version and will soon start to test direct payouts to z addresses which will allow you to leverage the full potential of Zcash.
Thanks for mining with us!